254 research outputs found

    Honeypot setup for education

    A "honeypot" is just a computer system or a network segment, loaded with servers and devices and data. It may be protected with a firewall, although you want the attackers to have some access. There may be some monitoring capability, done carefully so that the monitoring is not evident to the attacker. The reasons to set up a honeypot vary from avoiding tampering to tracking and capturing the attacker. The purpose of this project is to set up an educational tool for students to learn and know how a honeypot works. Because of the increasing rate of cyber crime, it is hoped that this can encourage students and the public generally to be more aware of matters concerning information technology security. The Honeynet Project is made up of a small group of security professionals dedicated to learning the tools and tactics of the black-hat community and sharing those lessons learned with the security community. Their contributions, which vary from how to set up a honeypot to how the attacker behaves and what triggers them, are shown in this paper and research. To design this particular honeypot, I've used the waterfall model methodology as a guideline to build and design it. Honeypots are an interesting research topic and open up a new field of technology and creative thinking

    A Survey on Active Defense Honeypot Mechanism for Information Security

    Information security is a rising concern today in this era of the internet because of the rapid development of new attack techniques. The existing security mechanisms such as traditional intrusion detection systems, firewalls and encryption are passive defense mechanisms. This has led to growing interest in active defense technology like honeypots. Honeypots are fake computer systems which appear vulnerable to attack though they actually prevent access to valuable sensitive data and administrative controls. A well designed and developed honeypot provides data to the research community to study issues in network and information security. In this paper we examine different types of honeypots, honeypot concepts and approaches in order to determine how we can intend measures to enhance security using these technologies. In this work a web application honeypot architecture is proposed

    Profiling Behavior of Intruders on Enterprise Honeynet: Deployment and Analysis

    Network and information security continues to be one of the largest areas that require greater attention and improvement over the current state of infrastructure within enterprise information systems. Intruders to enterprise networks are no longer just hacking for fun or to show off their programming skills; rather they are now doing it for profit-making motives. As a result, developing profiles for the behavior of intruders, trespassing upon business information systems within an enterprise networking environment, has become a primary focus of cyber-security research recently. In the proposed on-going project, we deploy a novel honeynet system using advanced virtualization technologies, in order to collect the forensic evidence of an attack, by allowing attackers to interact with compromised computers in a real enterprise network. We then analyze the behavior of intruders in order to investigate and compare their hidden linkages as compared with enterprise networks, and the attacker(s)’ potential group structures, including attributes such as geographic distribution and service communities, thus providing strategies for enterprise-network administrators to stay protected against malicious attacks from external intruders. Preliminary results on the proposed research are very promising, showing intruders’ behaviors over one month were distributed across over 60 different countries, and our work demonstrated that the most popular service intruders like to use to interact with is the very HTTP Web itself

    A Dynamic Security Model for Addressing Hacking Risk Factors

    Communication technologies have a significant influence on the business industry. Exchanging information, storing and retrieving data, and cutting communication costs are prime reasons for relying heavily on these technologies. However, these technologies are significantly affected by hacking. Due to neglecting the behaviour of hackers during the initial design stage of common security solutions, including firewalls, Intrusion Detection Systems, Intrusion Detection and Prevention Systems, Honeypot and Honeynet, successful hacking attempts still exist. This paper aims to investigate pre-hacking steps (footprinting, scanning, and enumeration) and to highlight the risk factors that are not considered during the development of current security solutions. These risk factors are the common causes of the failures of current security solutions against many hacking attempts. Moreover, this paper proposes a dynamic security model to guide security researchers towards proposing security countermeasures that address these risk factors, which eventually lead to minimising hacking risks

    NoSEBrEaK - Attacking Honeynets

    It is usually assumed that Honeynets are hard to detect and that attempts to detect or disable them can be unconditionally monitored. We scrutinize this assumption and demonstrate a method by which a host in a honeynet can be completely controlled by an attacker without any substantial logging taking place

    NETWORK SECURITY SOLUTION AGAINST THE THREATS OF SQL INJECTION AND DENIAL OF SERVICE (DOS)

    Spitzner, Lance (2003): Honeypots are a computer network security system designed to be attacked or compromised by crackers, not to provide a production service. There should be little or no network traffic originating from or destined for honeypots. Therefore, all honeypot traffic should be suspected as illegitimate or unauthorized activity. If the honeypot log files contain enough information, the attackers' activity can be monitored and their attack patterns identified without posing any risk to the real production system or data. In this study, a honeypot system resembling an actual production system was built. The service emulated on the honeypot is a web server. Monitoring of the honeypot system is done using logs. These logs are used to facilitate re-examination (forensic analysis) of the data received by the honeypot system. In the implementation of this research, the honeypot system is designed as a high-interaction honeypot, that is, a honeypot system that emulates a service with its own IP address. The honeypot design in this research is used to provide security services for the HTTP service (web server)

    Be Aware with a Honeypot

    The Internet has already become a hostile environment for computers, especially when they are directly connected with a public IP address. We have experienced this hostile activity where, on an average day, the ITB Honeypot recorded over a thousand reconnaissance attacks seeking unauthorised entry onto our private network. Our Honeypot is a basic PC running Windows XP with no services offered and no activity from users that would generate traffic. The Honeypot is running in a passive state on a stub-network where all inbound and outbound traffic is recorded at the bridging computer to the WAN. We report on the majority of scans and vulnerability attacks that were used and investigate the processes that targeted vulnerable ports and access points on the network

    A Study on Honeypot Technology for Future: Principles and Applications

    Honeypot is an exciting new technology with enormous potential for the security community. It is a resource which is intended to be attacked and compromised to gain more information about the attacker and his attack techniques. They are a highly flexible tool that comes in many shapes and sizes. This paper deals with understanding what a honeypot actually is, and how it works. There are different varieties of honeypots. Based on their category they have different applications. This paper gives an insight into the use of honeypots in productive as well as educative environments. This paper also discusses the advantages and disadvantages of honeypots, and what the future holds in store for them

    Taxonomy of honeynet solutions

    Honeynet research has become more important as a way to overcome the limitations imposed by the use of individual honeypots. A honeynet can be defined as a network of honeypots following a certain topology. Although there are at present many existing honeynet solutions, no taxonomies have been proposed in order to classify them. In this paper, we propose such a taxonomy, identifying the main criteria used for its classification and applying the classification scheme to some of the existing honeynet solutions, in order to quickly get a clear outline of the honeynet architecture and gain insight into the honeynet technology. The analysis of the classification scheme of the taxonomy allows getting an overview of the advantages and disadvantages of each criterion value. We later use this analysis to explore the design space of honeynet solutions for the proposal of a future optimized honeynet solution

    Network Security in Organizations using Intrusion Detection System based on Honeypots

    The role of the Internet is increasing and many technical, commercial and business transactions are conducted by a multitude of users that use a set of specialized / sophisticated network applications. Today we face threats of the network which cause enormous damage to the community day by day to the Internet. In this context, the task of network monitoring and surveillance is of utmost relevance and honeypots are promising tools for information and understanding of "areas of interest" of the attackers, and the possible relationship between blackhat teams. In this situation, people are increasingly trying to prevent their network security using traditional mechanisms, including firewalls, Intrusion Detection Systems, etc. Among them the honeypot is a versatile tool for a security practitioner; of course, they are tools that are intended to be attacked or interacted with other information about the attackers, their motives and tools. In this paper, we describe a comparative analysis of various IDS and their usefulness on various aspects. Two major categories of honeypot, viz. low-interaction honeypot and high-interaction honeypot, have also been discussed in detail. In this paper, a low-interaction honeypot is used as a traffic filter. Activities such as port scanning can be effectively detected by the weak interaction honeypot and stop there. Traffic that cannot be processed by the weak interaction honeypot is delivered over to the high-interaction honeypot. In this case, the weak interaction honeypot is used as a proxy for the high-interaction honeypot, which then offers optimal realism